8022 matches found
2vyper (=0.3.0), ape-safe (=0.6.0) +27 more potentially affected by CVE-2023-31146 via vyper (>=0.1.0b12 <=0.3.7)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =0.2.1, =0.3.5 and more Source cves: CVE-2023-31146 Source advisory: OSV:PYSEC-2023-77...
in-toto vulnerable to Configuration Read From Local Directory
Impact: The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. Among the files read is .intotorc which is a hidden file in the directory in which in-tot...
GHSA-WC64-C5RV-32PF in-toto vulnerable to Configuration Read From Local Directory
Impact: The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. Among the files read is .intotorc which is a hidden file in the directory in which in-tot...
Malicious code in wagyu-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef98b86deb0d82a3874d3caaafddc65b5389ca664ff9bc949a3c3c8ee43a8b83 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-955 Malicious code in wagyu-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef98b86deb0d82a3874d3caaafddc65b5389ca664ff9bc949a3c3c8ee43a8b83 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Trucking on with DotDumper
Trucking on with DotDumper By Trellix · May 11, 2023 This blog was written by Max Kersten On the 11th of August 2022, the initial public version of DotDumper was released. A brief refresh: DotDumper is an open-source automatic unpacker for DotNet Framework targeting files. This blog marks a publi...
CVE-2023-32076
in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the...
CVE-2023-32076 in-toto vulnerable to Configuration Read From Local Directory
in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.16 security update
Red Hat OpenShift Container Platform release 4.12.16 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of...
Directory traversal
A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files. This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could...
CVE-2023-20098
Cisco SD-WAN vManage Software’s CLI has a directory-traversal filtering flaw in system commands. An authenticated, local attacker with administrative privileges could exploit this to delete arbitrary files, including root-owned files. Root cause: improper filtering of directory traversal sequence...
CVE-2023-22788
CVE-2023-22788 involves multiple authenticated command injection vulnerabilities in the Aruba InstantOS and ArubaOS 10 command line interface. The underlying issue allows an attacker with authenticated access to execute arbitrary commands as a privileged user on the underlying OS. Affected stack ...
Fedora: Security Advisory for rust-tealdeer (FEDORA-2023-cc21019773)
The remote host is missing an update for the...
Fedora: Security Advisory for rust-bodhi-cli (FEDORA-2023-cc21019773)
The remote host is missing an update for the...
[SECURITY] Fedora 38 Update: rust-tealdeer-1.6.1-2.fc38
Fetch and show tldr help pages for many CLI commands. Full featured offline client with caching support...
[SECURITY] Fedora 38 Update: rust-bodhi-cli-2.1.0-2.fc38
Bodhi CLI client based on bodhi-rs...
2vyper (=0.3.0), ape-safe (=0.6.0) +27 more potentially affected by CVE-2023-30837 via vyper (>=0.1.0b12 <=0.3.7)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =0.2.1, =0.3.5 and more Source cves: CVE-2023-30837 Source advisory: OSV:GHSA-MGV8-GGGW-MRG6...
CVE-2023-27993
A relative path traversal (CWE-23) in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands...
Path traversal
A relative path traversal (CWE-23) in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands...